Novaza Mail Security#

Novaza Mail is built with security as a first-class concern. All mail is encrypted in transit, and the integrated anti-spam system protects inboxes from abuse.

Encryption in Transit (TLS)#

All client connections to Novaza Mail are encrypted with TLS 1.2 or TLS 1.3:

  • IMAP (port 993) — SSL/TLS required
  • SMTP (port 465) — SSL/TLS required
  • Webmail — HTTPS with a valid certificate

Mail exchanged between Novaza Mail and external servers is also encrypted with TLS when the remote server supports it (opportunistic TLS). TLS 1.3 is preferred when available.

Anti-Spam and Mail Filtering#

Novaza Mail includes multi-layer spam protection:

Automatic filters#

  • SPF / DKIM / DMARC checks — verify the origin of inbound mail
  • Blocklists — automatically reject known spam IPs and domains
  • Content analysis — detect phishing and promotional patterns
  • Rate limiting — cap send and receive volumes over a time window

Sieve filters (user-defined)#

Users can define custom filtering rules using the Sieve language:

  • Route mail from specific senders into dedicated folders
  • Flag mail containing certain keywords
  • Forward matching mail to another address
  • Send an automatic reply while away

Manage Sieve filters under Webmail → Settings → Filters.

Two-Factor Authentication (2FA)#

Novaza Mail integrates with Novaza SSO to provide two-factor authentication:

  1. Sign in to id.novaza.ai
  2. Navigate to Account Settings → Security → Two-Factor Authentication
  3. Scan the QR code with an authenticator app (Google Authenticator, Authy, or similar)
  4. Enter the verification code to enable

Once 2FA is enabled, webmail sign-in and new device enrollment will require the authentication code in addition to the password.

Password Policy#

Administrators can configure a password policy for the whole organization:

  • Minimum length — default 8 characters
  • Complexity — require special characters, uppercase letters and digits
  • Expiry — require password rotation on a schedule (e.g. every 90 days)
  • History — prevent reuse of previous passwords

Audit Log#

The system records security-relevant events:

  • Successful and failed sign-ins
  • Password changes
  • Mailbox creation and removal
  • Domain configuration changes
  • Permission changes

Administrators review the log under Admin → Audit Log.

Backward Administration Email Protocols (IMAP, POP3, JMAP) Forward

© 2026 Novaza. All rights reserved.